github.com/containers/podman/v4@v4.9.4/contrib/podmanimage/README.md (about)

[comment]: <> (***ATTENTION*** ***WARNING*** ***ALERT*** ***CAUTION*** ***DANGER***)
[comment]: <> ()
[comment]: <> (ANY changes made to this file, once committed/merged must)
[comment]: <> (be manually copy/pasted -in markdown- into the description)
[comment]: <> (field on Quay at the following locations:)
[comment]: <> ()
[comment]: <> (https://quay.io/repository/containers/podman)
[comment]: <> (https://quay.io/repository/podman/stable)
[comment]: <> (https://quay.io/repository/podman/testing)
[comment]: <> (https://quay.io/repository/podman/upstream)
[comment]: <> ()
[comment]: <> (***ATTENTION*** ***WARNING*** ***ALERT*** ***CAUTION*** ***DANGER***)

![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)

# podmanimage

## Overview

This directory contains the Containerfiles necessary to create the podmanimage container
images that are housed on quay.io under the Podman account.  All repositories where
the images live are public and can be pulled without credentials.  These container images are secured and the
resulting containers can run safely with privileges within the container.

The container images are built using the latest Fedora and then Podman is installed into them.
The PATH in the container images is set to the default PATH provided by Fedora.  Also, the
ENTRYPOINT and the WORKDIR variables are not set within these container images; as such, they
default to `/`.

The container images are:

  * `quay.io/containers/podman:<version>` and `quay.io/podman/stable:<version>` -
    These images are built daily.  They are intended to contain an unchanging
    and stable version of podman. For the most recent `<version>` tags (`vX`,
    `vX.Y`, and `vX.Y.Z`) the image contents will be updated daily to incorporate
    (especially) security upgrades.  For build details, please [see the
    configuration file](stable/Containerfile).
  * `quay.io/containers/podman:latest` and `quay.io/podman/stable:latest` -
    Built daily using the same Containerfile as above.  The Podman version
    will remain the "latest" available in Fedora, however the other image
    contents may vary compared to the version-tagged images.
  * `quay.io/podman/testing:latest` - This image is built daily, using the
    latest version of Podman that was in the Fedora `updates-testing` repository.
    The image is built with [the testing Containerfile](testing/Containerfile).
  * `quay.io/podman/upstream:latest` - This image is built daily using the latest
    code found in this GitHub repository.  Due to the image changing frequently,
    it's not guaranteed to be stable or even executable.  The image is built with
    [the upstream Containerfile](upstream/Containerfile). Note the actual compilation
    of upstream podman [occurs continuously in
    COPR](https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/).

## Sample Usage

```
podman pull docker://quay.io/podman/stable:latest

podman run --privileged stable podman version

# Create a directory on the host to mount at the container's
# /var/lib/containers directory so containers can be
# run within the container.
mkdir /var/lib/mycontainer

# Run the image detached using the host's network in a container named
# podmanctr, turn off label and seccomp confinement in the container
# and then do a little shell hackery to keep the container up and running.
podman run --detach --name=podmanctr --net=host \
    --security-opt label=disable --security-opt seccomp=unconfined \
    --device /dev/fuse:rw -v /var/lib/mycontainer:/var/lib/containers:Z \
    --privileged stable sh -c 'while true ;do sleep 100000 ; done'

podman exec -it podmanctr /bin/sh

# Now inside of the container

podman pull alpine

podman images

exit
```

**Note:** If you encounter a `fuse: device not found` error when running the container image, it is likely that
the fuse kernel module has not been loaded on your host system.  Use the command `modprobe fuse` to load the
module and then run the container image.  To enable this automatically at boot time, you can add a configuration
file to `/etc/modules-load.d`.  See `man modules-load.d` for more details.
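
The following host-side preflight check for the FUSE prerequisite in the note above is an added example, not part of the Podman project's README. The function names and the optional root-directory argument are hypothetical; the argument exists only so the check can be run against a constructed directory tree.

```sh
#!/bin/sh
# Added example: report whether the host satisfies the FUSE prerequisite
# for the `--device /dev/fuse:rw` option used in the sample command.

# fuse_persistent ROOT: succeeds if a modules-load.d file lists "fuse".
# Searches the directories documented in modules-load.d(5).
fuse_persistent() {
    root="${1:-/}"
    root="${root%/}"
    for dir in etc run usr/lib; do
        for f in "$root/$dir/modules-load.d"/*.conf; do
            [ -f "$f" ] || continue
            # One module name per line; "#" and ";" lines are comments,
            # so only an exact "fuse" line counts.
            if grep -Eq '^[[:space:]]*fuse[[:space:]]*$' "$f"; then
                return 0
            fi
        done
    done
    return 1
}

# fuse_status ROOT: prints one of
#   missing         /dev/fuse absent; load it now with `modprobe fuse`
#   not-persistent  device present but no modules-load.d entry found
#                   (expected if FUSE is built into the kernel)
#   ok              device present and the module is loaded at boot
fuse_status() {
    root="${1:-/}"
    root="${root%/}"
    # -e rather than -c so the check also works on a constructed tree;
    # on a real host /dev/fuse is a character device.
    if [ ! -e "$root/dev/fuse" ]; then
        echo "missing"
    elif fuse_persistent "$root"; then
        echo "ok"
    else
        echo "not-persistent"
    fi
}

# Check the running host by default, or the tree given as $1.
fuse_status "${1:-/}"
```

A `not-persistent` result is resolved by creating a file such as `/etc/modules-load.d/fuse.conf` containing the single line `fuse`.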

### Blog Post with Details

Dan Walsh wrote a blog post on the [Enable Sysadmin](https://www.redhat.com/sysadmin/) site titled [How to use Podman inside of a container](https://www.redhat.com/sysadmin/podman-inside-container).  In it, he details how to use these images as a rootful and as a rootless user.  Please refer to this blog for more detailed information.